Video conferencing applications exchange data over the network constantly. Consequently, a flaw in how incoming traffic is processed can compromise an account even while its owner does nothing at all. Zoom has now released urgent updates for Windows that close a critical vulnerability scoring 9.8 out of 10 on the CVSS 3.1 scale.
Which Products Are Affected
The flaw, tracked as CVE-2026-53412, affects the Zoom Desktop Client and Zoom VDI for Windows. The Meeting SDK for Windows originally appeared on the list of vulnerable products as well. However, Zoom later removed the development kit from the advisory. Clients for macOS, Linux, iOS, and Android remain unaffected.
A Zero-Click Path to Account Takeover
The vulnerability stems from insufficient validation of data the application receives over the network. As a result, an attacker with no account and no privileges of any kind can send specially crafted data and seize control of a victim’s account. The attack demands no click on a link, no file attachment, and no other user participation. Furthermore, Zoom rated the exploitation complexity as low.
What could a hijacked account expose? A successful attacker may gain access to meetings, chats, recordings, and profile data. Beyond that, the intruder could impersonate the legitimate account owner. For now, Zoom has withheld technical details and has reported no cases of exploitation in real-world attacks.
Discovery and Additional Fixes
Credit for the discovery goes to Zoom’s internal Offensive Security team. Alongside the critical bug, the company also patched three more serious vulnerabilities in its Windows products. These include flaws in privilege management and input handling.
What Users Should Do Now
Zoom users on Windows should install the latest versions of the Zoom Desktop Client and Zoom VDI without delay. Above all, obtain the update through the application’s built-in update mechanism or directly from Zoom’s official website.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.